PAC warns against CSC monopoly

3 August 2011Jon Hoeksma

The Commons’ public accounts committee has warned the government not to let the Department of Health award a new contract to CSC that would give it “an effective monopoly” in the North Midlands and East of England.

The PAC’s report on the National Audit Office’s investigation of the delivery of detailed care records by the National Programme for IT in the NHS says that both BT and CSC have failed to meet commitments, and damns weak programme management by the DH.

Margaret Hodge MP, chair of the PAC, said: "[The Department] should now urgently review whether it is worth continuing with the remaining elements of the care records system.

“The £4.3 billion which the Department expects to spend might be better used to buy systems that are proven to work, that are good value for money and which deliver demonstrable benefits to the NHS.”

Parliament’s spending watchdog says the Cabinet Office’s Major Projects Authority should be asked to “exercise very close scrutiny over the DH’s continuing negotiations with CSC”, which has missed a series of deadlines to supply iSoft’s Lorenzo electronic patient record system to trusts in the NME. It urges the government to review whether CSC “has proved itself fit” to tender for future government work.

“One supplier, CSC, has yet to deliver the bulk of the systems it is contracted to supply and has instead implemented a large number of interim systems as a stopgap,” says the report.

“There have been major delays in the North, Midlands and East, where just 10 of 166 trusts have received only the most basic Lorenzo system, and no system has yet been successfully delivered in a mental health trust.”

The PAC report says that instead of providing contracted systems CSC has instead provided lesser ‘interim’ alternatives that had been rejected when contracts were originally awarded.

It warns that rather than holding CSC to its contract commitments the DH is planning to award a deal that would enable it to offer older software to a much smaller number of NHS trusts.

It states that the DH must not now reward CSC’s failure with a new contract on favourable terms. “It is important that CSC, particularly given its proposed purchase of iSoft, does not acquire an effective monopoly in the provision of care records in the North, Eastern and Midlands clusters.”

CSC’s purchase of iSoft, its main software subcontractor and the developer of Lorenzo, was completed last Friday.

The report warns such a move could have dire consequences for NHS trusts: “This could result in the Lorenzo system being dropped as the system of choice and many trusts left with little choice but to continue with out-dated interim systems that could be very expensive to maintain, or accept a system of CSC’s choice.”

It warns against a repeat of the kind of new deal awarded to BT, which had also been unable to deliver against its original contract, which slashed the number of new systems while increasing the price for each system.

As part of any new contract the PAC say that CSC “should not be given minimum guarantees or a license to sell a product other than that procured and selected by the programme within the LSP contract.”

MP Richard Bacon, a close follower of the national programme who triggered the latest NAO investigation, said: “The DH is unable to show what has been achieved for the £2.7 billion spent so far on care records systems.

"The only good news from this fiasco is that every move of the DH in this area will now be subject to the closest scrutiny from the Cabinet Office”.

A DH spokesperson said: “The government recognises the weaknesses of a top-down, centrally-imposed IT system.

"We have reduced spending on the NHS IT programme by £1.3 billion. We are engaging with the NHS to ensure it delivers even greater benefits for patients.

“We are determined to deliver even more value for money from the programme. The findings of the Public Accounts Committee, alongside the outcome of the Major Project Review Authority, will contribute to the planning currently underway for future informatics support to the modernised NHS.”

The failure of NPfIT proves that taking away market forces removes all incentive to deliver: it also removes any incentive for innovation or cost reduction. We look like we could be creating a further market failure in allowing CSC free access to a market they have failed to serve with a product that we the taxpayer have subsidised.

Surely, if CSC are ever allowed to sell into the NHS, the Government must seek a rebate of monies paid under NPfIT, on a per system basis.

A key deliverable of NPfIT was the SPINE which links all the individual systems to provide the country wide access to a patients record - by now this was supposed to be hosting more than just the demographics and GP details of patients; so are CSC to blame for this or inexperience of the DoH commissioners with regard to large IT systems?

Radiology PACS has been one of the successes in healthcare IT in NHS in the last 10 years. Global standards are key to the success.

We are trying to get market forces to drive down the price of PACS. We currently pay over the odds for PACS through LSP. However, the issue lies with vendors trying to lock NHS in. However, thanks to global standard of DICOM we should be able to move from one PACs vendor to another. Better systems at half the price :)

Yes - global interoperability standards are key. No argument there. But Tim's right - getting the almost 'incomprehensible' presentation of that material into usable form remains a challenge.

No, PACS in CfH was not a success. Yes, it eventually got systems in to all trusts; but generally more slowly, at higher cost and with less local and regional integration than was already well underway.

Neelam is quite right. We need a set of interoperability standards that is fit for purpose. Quite simply this is paramount. The newly issued Interoperability Tool-Kit (ITK) Release 2 is an important step in the right direction, although it presents the NHS and suppliers with a big education and implementation challenge. It is probably incomprehensible to anyone who does not already speak HL7 quite fluently already. It needs to be extended to cover XDS, XCA and DICOM.

My last reply to her post is yet to be approved, however ITK2 is yet another set of arcane CfH documents. Would it not be simpler to build the solution which is central system facing, then expose a nubmer of web service interfaces which any supplier could then consume. This would make testing far simpler as all that would be tested would be the supplers ability to invoke the aproprate service in the appropriate way. The complexity of all the statndards is effectively hidden. More suppliers would become compliant more quickly giving the NHS more choice and it would push the price of soluitons down.

That PAC has warned against a monopoly does not mean that CSC actually have one, more probably that PAC feel they should make bold statements to catch everyone's attention, which they have.

The UK healthcare IT market has an increasing range of quality competition. Equally, all that is iSoft is not wrong either; with a long history of supplying the NHS (under various names and ownership) they are a major player.

What has changed however, and what will nullify the monopoly fears, is the return to an open market with a level playing field for all suppliers.

OK the remnants of the NPfIT/LSP contracts have to be mopped up, but realistically most NHS organisations can press ahead with their own IT strategy now, funding permitting.

iSoft/CSC will only flourish if they provide the products, prices and service that the market wants, like any other supplier. I would argue that we should hope they do thrive too, as loss of suppliers does not help the NHS. But as to a monopoly, unlikely now LSPs reach their sell by date. More likely that CSC will look to its global market and seek to rationalise iSofts product portfolio.

I think PAC may have underestimated the global market for health informatics systems. Trusts have shown willing to bring in US solutions if it's appropriate.

What's more significant to me is that once you have a PAS it's very costly to change it. This lock-in is much more significant. I suspect we'll see the industry address this issue in much the same way as has happened in the ERP market. They move away from a big capital investment of a solution into a set of services and finally the cloud.

Your article fails to highlight the other key feature in the PAC report

"We are very concerned at the lack of evidence of risk management of security issues which may arise as a result of medical records being held electronically."

If Sony, The SUN, The CIA and others cannot keep their records secure, how can we expect electronic health records, in an individual hospital, to be any different?

Has anybody thought through the difficulties of maintaining internal security in a hospital environment, where the reasons for access can change so quickly when a patient presents with a new condition and a whole new channel of treatment, with the involvement of a new team of people, opens up?

And what confidence can we have that there will be adequate resistance to hackers who would take great delight from publicising the personal details of the next celebrity to be admitted?

Yes, it was an odd line. I assumed it went into the report because some MPs asked about "security" at the PAC hearing. The questions weren't very sophisticated or informed; but it's an easy issue to raise and one that probably resonates with constituents. There's no evidence the PAC wants anything in particular done; when it has very precise recommendations for the other issues it raises.

As you suggesting that the NHS is different to everywhere else in the world when it comes to keeping yours or my personal details private and confidential that the employees of the NHS are incapable of managing this?

Electronic patient records have been used for 20 to 30 years now by GPs and the world hasn't ended yet?

Internal security in a hospital environment - EVERYONE in the NHS has a personal responsibility to ensure records (electronic or otherwise) are handled accordingly, with a common sense approach to the siting of display terminals.

Passwords should not be shared, and smart cards should be treated just as you own credit cards would be.

It isn't rocket science and I wish we would stop treating it like it is.

If any individual cannot keep their passwords to themselves, or leave their smart cards lying around then they are a risk and should be looking for a job elsewhere with less responsibilities.

I pleased to see that the Information Commissioner is (at long last) starting to act on this matter and individuals as well as organisations now being held accountable.